If hackers did not exist, the government would have to invent them

The image of a hacker prevailing in popular culture and news - an evil, juvenile techno-wizard who has the desire and ability to inflict enormous damage on innocent citizens and society as a whole - has little to do with reality.

This distorted picture directs attention and resources to fighting ghosts rather than tackling the much more common data security issues. According to Privacy Rights Clearinghouse, the loss or improper disposal of paper documents, flash drives, laptops and computers has caused more than 1,400 data leaks since 2005 - almost half of all reported cases. As a result of these leaks, more than 180 million individual records were compromised, including names, social security numbers, addresses, credit card numbers, and more. Compare this to the 631 incident in the same period, caused by hackers or viruses. There is a much greater chance that your private data will fall into the wrong hands due to the fact that someone will forget the office laptop in the subway car than through the fault of the cracker.

Another serious threat is insiders or offended employees. A recent survey by The Wall Street Journal, showed that 71% of IT department managers consider this threat to be the most dangerous.

And, finally, the recent linkedIn password database leak indicates that we ourselves are the biggest threat to our security: more than two-thirds of LinkedIn passwords were shorter than eight characters, and only one percent of passwords contained letters in both registers, numbers and special characters.

But it seems that real threats are hard to compete with hackers in the heads of people who write laws. A hacker - a modern bogeyman who embodies all our fears of technology - is in the spotlight. As a result, more and more paranoid laws are being adopted that impede free and private communication on the network, robbing us of our control over technology and putting us at risk of unreasonable harassment and overly aggressive investigation and surveillance procedures. Computer Fraud and Abuse Act ( CFAA) Is the cornerstone of American computer crime law, full of overly broad generalizations and fuzzy definitions. Since its adoption in 1986, this act has caused many confusing precedents and exaggerated accusations. The U.S. Department of Defense and Homeland Security uses fears of technological threats to push for funding and push laws (such as the notorious SOPA and CISPA ) that could have dire consequences for our rights. To protect freedom of speech and privacy on the Internet, we should seriously reconsider our attitude to the grim image of a hacker, which serves as an excuse for expanding the powers of special services.

The image of a hacker in popular culture developed as our attitude toward technology changed. In the 1983 film War Games, the hacker appeared in the image of a child driven by interest and curiosity, who inadvertently disrupted the work of a military supercomputer. Subsequent incarnations in the films “Hackers,” “Silence,” “Golden Eye” and “Die Hard 4” became much more dangerous and acted intentionally, breaking into computer systems and causing irreparable damage to unfortunate victims. A hacker in an American film is almost always a white man, from the middle class, psychologically immature, asocial and vengeful. They are driven by selfishness or mental problems. The plot of such films is based on the apocalyptic techno-paranoia, faith in complete control by a hacker over any technology in the world.

News stories follow the same stamp of mass culture. A hacker living in a dark basement is the main villain of the evening news and front pages of newspapers, regardless of how close this image is to reality. The word “hacking” is used as a universal term for any cybercrime or incident, regardless of the method of its commission and the qualification of a “cracker”. Journalists often confuse the potential vulnerability and the hack that actually happened, taking news from computer security conferences, which are more likely to be of academic importance, for hacking systems and algorithms that were actually implemented. The latest fad is the Anonymous group, news of which is adding fuel to the flames of technological paranoia and, as Johai Benkler wrote in a recent article in Foreign Affairserase the distinction between electronic civil disobedience and cybercrime, thereby causing enormous damage to the very idea of ​​political activity on the Internet.

A hacker lurks in the depths of the network, he is an elusive threat, he is able to strike, being on the other side of the planet. His pathological passion for technology, his primitive craving for hacking is impossible to curb. He is asocial and doesn’t give a damn about the framework of normal people’s behavior; he is only interested in the society of other hackers who strive to surpass each other in an infantile passion for vandalism on the Internet. Add to this cocktail the superhuman abilities of manipulating with any piece of iron that can execute at least some code, and here it is - a modern scarecrow from which society must be protected at all costs.

To protect society and the state from the threat posed by this imaginary enemy, the U.S. government adopts overly broad and dimly written laws and regulations that seriously undermine Internet freedom and jeopardize its role as a platform for political discussion and creative expression. When trying to outplay the evil hackers, laws like CFAA prioritize certain actions on the network, giving much less importance to the intent or real damage from them. This leads to the fact that many completely innocent acts could potentially be prosecuted. When suspicion and fear of hackers becomes the basis of a policy regarding freedom, privacy and Internet access, bills such as the CISPA appear, which, if it becomes law, will have devastating consequences for online privacy. The demonic image of a hacker from news and film militants serves as a demonstrative target and justification for such laws and rules. Instead of ghostly hackers, they will make us criminals and accomplices, confusing technical knowledge and skills with the intention of doing harm, as was the case inBret McDanel’s case , which served 16 months for sending several thousand messages about a hole in the mail server after the manufacturing company ignored all warnings about the threat.

Building state and corporate policies on the image of a stereotypical movie villain is ineffective at best, and criminal at worst. The network is full of real threats, from a forgotten laptop on the bus or a disregard for illiteracy and security to the increasingly real danger of cyber war between states. If you throw a disproportionate amount of energy into the fight against hackers, then there will be neither time nor resources to overcome real threats. By shutting down file hosting services, introducing criminal liability for jailbreaks, modding and violation of the terms of use, limiting the possibility of anonymous expressions on the network, the government and special services derive maximum benefit from the atmosphere of fear and waste state and corporate resources. Fortunately, some recent lawsuits, such asDavid Nozal’s case is already narrowing the scope of the CFAA, which gives us hope that the Internet can be regulated by methods more adequate to reality.

To work out reasonable rules for playing the game on the Internet, you need to discard the stereotype of a hacker as the main source of threat. In recent years, the Internet has become a major haven for free political debate, both in the US and around the world. The Internet is used to exchange ideas, organize protests, and overthrow dictators. We value freedom of speech dearly here in our own country. But US laws governing the Internet have a disproportionate impact on the rest of the world. We must ask ourselves if we want the next Arab spring to be regulated to death by rules adopted to deal with a non-existent threat?